[Freeswitch-users] TLS stops when a call is enabled

Aina Mestre aina.mestre at airenetworks.es
Tue Sep 27 06:41:59 UTC 2022 

Good morning,

I have just corrected what you comment, but that didn’t solve my problem. My problem is that the SIP protocol is not encrypted so even if the RTP is encrypted, you can see all INVITE information on wireshark. I tryed to solve it adding in the dialplan
<action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>)

But the result I get is an error that says “TLS not supported by profile”

Thank you in advance

De: FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org> En nombre de Brian West
Enviado el: lunes, 26 de septiembre de 2022 17:33
Para: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
CC: Pablo Pizarro <pablo.pizarro at airenetworks.es>
Asunto: Re: [Freeswitch-users] TLS stops when a call is enabled

Este e-mail fue originado fuera de Aire Networks. Ayúdanos a mantener segura nuestra empresa. Por favor, extrema las medidas de seguridad con los adjuntos, los enlaces o las solicitudes que pueda contener.

This is a variable:
 <param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/>

NOT A PARAM.

/b


On Mon, Sep 26, 2022 at 9:09 AM Aina Mestre <aina.mestre at airenetworks.es<mailto:aina.mestre at airenetworks.es>> wrote:
Good morning,

I’m trying to configure SRTP with TLS on Freeswitch. I already have SRTP, and I can establish a conversation with TLS, but when I make a call, it says “encrypted alert” and the TLS conversation stops sending the INVITE in TCP. I have been looking for some solutions and it states that the problema may be that the certificate is not properly configured or that TLS is not properly configured. It is imposible that the certificate has any problems because I currently get TLS untill the call starts.

Here it is the configuration on my profile:


        <param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/>
        <param name='bind-params" value="tls"/>
        <param name='tls-version' value='tlsv1'/>
        <param name='register-transport' value='tls'/>
        <param name="register" value="false"/>
        <param name="transport" value="tls"/>
        <param name="tls" value="$${internal_ssl_enable}"/>
        <param name="tls-only" value="true"/>
        <param name="tls-bind-params" value="transport=tls"/>
        <param name="tls-sip-port" value="$${internal_tls_port}"/>
        <param name="tls-cert-dir" value="/usr/local/freeswitch/conf"/>
        <param name="tls-verify-date" value="true"/>
        <param name="tls-verify-policy" value="none"/>
        <param name="tls-version" value="$${sip_tls_version}"/>
        <param name="tls-ciphers" value="$${sip_tls_ciphers}"/>
        <param name="contact-params" value="tport=tls"/>
        <param name="ws-binding" value="XX.XX.XX.XX:5061"/>

Also, I would like to make another observation: when I configure the bridge has transport=TLS ( <action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>) in the dialplan, the debug says “TLS not supported by profile”

Thank you for taking the time to deal with my queries

Kind regards.

_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales at freeswitch.com<mailto:sales at freeswitch.com>
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com


--


Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com<mailto:sales at freeswitch.com>

FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>

Email: brian at freeswitch.com<mailto:brian at freeswitch.com>

Mobile: 918-424-9378

Website: https://www.FreeSWITCH.com<https://www.freeswitch.com/>

[https://www.facebook.com/signalwireinc?src=email]<https://www.facebook.com/freeswitch>[https://twitter.com/freeswitch]<https://twitter.com/freeswitch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20220927/6d7cad70/attachment-0001.html>

More information about the FreeSWITCH-users mailing list